Re: Question about Status field in requests

Tommy, 

Thanks for your reply.

On Mon, Jan 24, 2005 at 12:34:22PM +0000, Tommy Lindberg wrote:
> 
[snip]
> 
> It looks like the primary intended use of the KeyBindingType is
> in the KeyBinding element in a ValidateResult. It is not clear
> how a server can make use of the Status element in Revoke, Reissue
> and Recover operations and in any case, I think the server should
> probably not rely on the client's opinion of the Status of a
> key binding.
> 
> The fact that the {Revoke, Reissue, Recover}KeyBinding elements are all
> of type KeyBindingType has the unfortunate(?) effect that the Status element
> is required in all of these elements.  Instead they should be of types 
> derived directly from UnverifiedKeyBindingType (or KeyBindingAbstractType);
> this would allow for information set elements better suited for each of the
> intended purposes.

If we don't want to change many things, we can change the wording in the
spec to say that for the above elements, the Status element has to have the 
value "Indeterminate", giving the reasons stated in the two paragraphs
above.

> Also, the addition of a RevocationReason info set element in a RevokeRequest
> would be welcome - at least X509 and PGP support this notion.
> 
> All of this obviously implies schema changes and it is getting late for that.

Yes. We can collect those ideas in a document, so that we don't forget
about them if we are ever going to do an XKMS rev. spec.

-jose

Received on Tuesday, 25 January 2005 16:02:45 UTC